Windows Server 2003 SP2 - 28 Nov 2006

Microsoft's latest contribution to the upcoming holiday season is Windows Server 2003 Service Pack 2 (SP2). As you've come to expect from Microsoft service packs, Windows 2003 SP2 provides a combination of OS and security updates and new functionality. Let's take a look at what SP2 brings to the IT administrator.

What SP2 Is—and Isn't
With SP2, Microsoft returned to a more typical service pack by providing a cumulative patch rollup and additional functionality without any kernel changes. As a product of Microsoft's push to improve security, Windows 2003 SP1 included several changes to the Windows kernel, which resulted in some application compatibility problems. Because there are no kernel changes in SP2, it has none of the application compatibility concerns that accompanied SP1.

SP2 applies to Windows XP Professional x64 Edition as well as to all editions of Windows 2003 and Windows 2003 Release 2 (R2). In fact, SP2 is the first service pack for the x64 editions of Windows 2003 and XP Pro x64. Although SP2 does not apply to Windows Server 2003, Datacenter Edition, there are changes to that product's availability—see the sidebar "Virtualization and Availability for Windows Server 2003, Datacenter Edition" for details.

It might seem unusual to include XP Pro x64 in this service pack, but the XP x64 kernel consists of the same basic code as the x64 versions of Windows 2003. The version of XP for x86 processors has been at SP2 for some time, so Windows 2003 SP2 essentially levels the playing field by bringing the server OS to the same level as XP.

SP2 contains all previously released Security Bulletin updates and hotfixes. It also adds the following new languages to the already-available English and Japanese: German, French, Chinese Simplified, Chinese Traditional, Korean, Italian, Portuguese, Russian, and Spanish.

Windows Deployment Services
In addition to the basic OS updates, SP2 contains several new features, some of which were designed with Windows Vista and Longhorn Server compatibility in mind. The most important of these is Windows Deployment Services (WDS)—the redesigned replacement for Microsoft Remote Installation Services (RIS), which doesn't support the new Windows Imaging Format. WDS supports the deployment of Windows Imaging Format and offers improved security and the ability to better delegate administrative tasks.

MMC 3.0
Built using Microsoft .NET Framework 2.0, Microsoft Management Console (MMC) 3.0 provides a more management-oriented view of the system by coupling context-sensitive, action-oriented menu options with their corresponding management snap-ins. The new approach makes systems management easier for the IT generalist.

MMC 3.0 is installed by default with SP2; Figure 1 shows it with the Disk Management snap-in. On the right side of the screen you can see the MMC 3.0 Action Pane. The Action Pane provides context-sensitive commands that change as you change snap-ins and replaces the old method of having to click the snap-in and open the Action menu to select action options.

Other New Features
SP2 also includes support for Wi-Fi Protected Access 2 (WPA2) and provides a new XML parser and an updated version of the Cacls tool. WPA2 is Federal Information Processing Standard (FIPS) 140-2 compliant and improves Wi-Fi security by adding support for Advanced Encryption Standard (AES) encryption and 802.1X authentication. WPA2 support is installed by default.

The XmlLite parser is a lightweight parsing tool designed to help administrators deal with the XML output that's produced by Microsoft administrative tools such as Dcdiag. (I'll have more to say about Dcdiag a little later.)

Icacls is an updated version of the Cacls tool. Like Cacls, Icacls lets you back up and reset the ACLs for files. Cacls had trouble propagating changes to inherited ACLs, but Icacls correctly handles inherited permissions and their propagation.
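The backup-and-reset workflow described above, as an added example that is not part of the original article. The folder and backup paths are hypothetical; the switches are standard Icacls options.

```batch
@echo off
rem Added example. D:\Shares\Finance and C:\AclBackup are hypothetical paths.
set TARGET=D:\Shares\Finance
set BACKUP=C:\AclBackup\finance-acls.txt

rem 1. Back up the DACLs of everything under the folder.
rem    /T recurses into subfolders, /C continues past per-file errors.
rem    /save records DACLs only: owners and SACLs (audit entries) are not
rem    captured, and the wildcard form does not include the folder's own ACL.
icacls "%TARGET%\*" /save "%BACKUP%" /T /C
if errorlevel 1 (echo Backup reported errors, stopping before any change. & exit /b 1)

rem 2. Reset: replace the ACL on each item with the default ACL inherited
rem    from its parent, discarding explicit entries that have drifted.
icacls "%TARGET%\*" /reset /T /C

rem 3. Roll back if the reset removed access that was needed. The backup
rem    stores paths relative to the folder saved with the wildcard, so
rem    /restore is pointed at that folder rather than at individual files.
icacls "%TARGET%" /restore "%BACKUP%" /C

rem 4. Report items whose ACLs are not in canonical order or are malformed.
icacls "%TARGET%\*" /verify /T /C
```

Store the backup file where only administrators can write to it, because anyone who can edit it controls the permissions that a later /restore applies.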

OS Enhancements
One of SP2's handiest enhancements is the Tools tab that's been added to the Msconfig interface. As Figure 2 shows, the Tools tab lets you easily run your favorite diagnostic tools directly from Msconfig. The Tools tab is especially cool in that it's XML-based, so you can easily customize the list by adding tools.

To accommodate the emergence of ultra-fast multigigabit networking, SP2 includes the new Scalable Networking Pack. Although the Windows TCP/IP stack was designed to utilize only one processor, the Scalable Networking Pack lets Windows networking take advantage of multiple processors. The Scalable Networking Pack also supports TCP Offload Engine technology, which shifts a portion of the TCP/IP packet processing responsibilities from the CPU to the NIC.

In addition, SP2's firewall authentication capabilities have been enhanced to enable secure extranet communications. In contrast to the original Windows 2003 firewall, which supports authentication only by IP address, the SP2 firewall supports authentication by port, enabling more granular authentication control.

An important IPsec improvement relates to the ability to isolate servers and domains, which assists in meeting Sarbanes-Oxley Act requirements. Whereas earlier versions of Windows 2003 needed approximately 400 filters to achieve domain and server isolation, SP2 requires only two filters, making isolation much easier to implement.

The Dcdiag tool gains two new XML output options: /x and /xsl. The /x option generates raw XML; you can combine it with /xsl:xslfile.xsl to produce formatted XML output from the DNS tests that you run with the /test:dns option. The /xsl option causes Dcdiag to use the specified Extensible Stylesheet Language (XSL) file to format the output, giving you more control over how it's presented. You can also use the XmlLite tool to parse the XML output that these options generate.

SP2 improves Microsoft SQL Server performance under extreme workloads and speeds the performance of Windows 2003 when it runs as a multiprocessor guest while the Advanced Programmable Interrupt Controller (APIC) is processing a large number of events. In response to customer requests, SP2 also increases the amount of default storage for Microsoft Message Queue Services (MSMQ) to 1GB.

SP2 Unwrapped
With its updates, new features, and OS enhancements, SP2 is a must-have for enterprise businesses. As with all software updates, be sure to test SP2 before rolling it out to make sure there aren't any problems with implementation in your specific environment.